By Topic

Security Analysis of Crypto-based Java Programs using Automated Theorem Provers

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Jurjens, Jan ; Dept. of Software & Syst. Eng., Tech. Univ. Munich

Determining the security properties satisfied by software using cryptography is difficult: Security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in the context of cryptographic interactions. Nevertheless, little attention has been paid so far to the verification of such implementations with respect to the secure use of cryptography. We propose an approach to use automated theorem provers for first-order logic to formally verify crypto-based Java implementations, based on control flow graphs. It supports an abstract and modular security analysis by using assertions in the source code. Thus large software systems can be divided into small parts for which a formal security analysis can be performed more easily and the results composed. The assertions are validated against the program behavior in a run-time analysis. Our approach is supported by the tool JavaSec available as open-source and validated in an application to a Java Card implementation of the Common Electronic Purse Specifications and the Java implementation Jessie of SSL

Published in:

Automated Software Engineering, 2006. ASE '06. 21st IEEE/ACM International Conference on

Date of Conference:

18-22 Sept. 2006